Overview

overview

10

Static

static

3

2d569cd3a4...df.exe

windows7-x64

10

2d569cd3a4...df.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2d569cd3a4fb84151c61f6f01d4362d965fab6259e1f77f519b1afb57b266cdf.exe

  • Size

    219KB

  • Sample

    241222-pan6rsxqfq

  • MD5

    b204eee274173e2eed0e827352b750bf

  • SHA1

    6dbabe0417d1029ada4c6d40e5ffa5a605e3f7d3

  • SHA256

    2d569cd3a4fb84151c61f6f01d4362d965fab6259e1f77f519b1afb57b266cdf

  • SHA512

    679f76662bc8d9051df27bec096f74b434cfb44b3eccdddc8d2b89b466ed670624bdc1377f2397668a36cabb9e6fb5ed6f21c4ba06a9aff88343f3738174d302

  • SSDEEP

    3072:SaboN5DOvXaPzwuZkO0aDb/IBPCOQvU6z314EXrjvwSfYrwBtw:SaboWXwzDOO0aDD4PCxdXXwSfYrwBW

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      2d569cd3a4fb84151c61f6f01d4362d965fab6259e1f77f519b1afb57b266cdf.exe

    • Size

      219KB

    • MD5

      b204eee274173e2eed0e827352b750bf

    • SHA1

      6dbabe0417d1029ada4c6d40e5ffa5a605e3f7d3

    • SHA256

      2d569cd3a4fb84151c61f6f01d4362d965fab6259e1f77f519b1afb57b266cdf

    • SHA512

      679f76662bc8d9051df27bec096f74b434cfb44b3eccdddc8d2b89b466ed670624bdc1377f2397668a36cabb9e6fb5ed6f21c4ba06a9aff88343f3738174d302

    • SSDEEP

      3072:SaboN5DOvXaPzwuZkO0aDb/IBPCOQvU6z314EXrjvwSfYrwBtw:SaboWXwzDOO0aDD4PCxdXXwSfYrwBW

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks